Re: [Catalyst] SMTP vs sendmail
SMTPing to localhost usually doesn't make much sence - it is slow and as you mentioned already it causes trouble when the daemon is down or slow. So either you want to do queueing overhead, dns resolving and SMTPing to the *remote* host yourself or you simply open(MAILER,|sendmail @args). Using |sendmail means you've got the overhead of forking a separate process, SMTP to localhost the overhead is making the socket connection. Once it gets to your MTA it'll pretty much do the same in either case. Piping to sendmail also has the disadvantage that in many cases it'll leave [EMAIL PROTECTED] in the headers, using SMTP means your message doesn't get mangled. To be honest the best solution to to make use of your ISPs outgoing mail gateway/smarthost. It'll be the most reliable mail server on their network, and you've only got the overhead of an outgoing socket connect. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] SMTP vs sendmail
Except by piping to sendmail, you can also specify -odq, which says to sendmail 'dump this into the mail queue and return immediately, I don't want to wait for delivery to work' which can make the application much faster and leave the mail delivering to sendmail. No difference, when I SMTP my mail the server only has to dump it into it's queue, then I get the OK back. The best solution would be to do both, use sendmail on the web server to deliver into a local mail queue which is forwarded to the smarthost for delivery. No point, you're just adding an additional MTA into the loop. I suggested using the mail gateway as at any decent ISP it's likely to almost always be available. Unlike individual servers which may have broken config etc. So unless the local MTA needs the services of a smart host for routing problems, then it's extra hops. That way you get the advantage of having the mail server handle the mail, while freeing you from having to write your own version of sendmail to deal with these situations: * What does your application do if the smarthost is getting pounded by spammers and that outgoing socket connect fails? * What does your applicaiton do if the smarthost is down for maintenance or hardware failure? I'd do the same as what I'd do if I were piping to sendmail - you do check the return value of the open? And all the print statements? And the close statement don't you? Does your ISP keep a close eye on mail queues to make sure that the stuff you're blindly dumping on the local MTA is actually getting delivered? Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Rate limiting password attacks
What's to stop the bot from grabbing the token from the home page and using it in its attack? The token has to be something the bot can't readily read, e.g., captcha. Bill said: I have the ability to turn on form tokens on my forms, so to be able to post to a form you have to first fetch the single-use token from the form. That has been a big help with forms that send mail, but also aids in preventing reposting of forms -- in addition to redirect after post. So obviously they work for him. Anything that has an effect without causing accessibility problems for users has to be a good thing. In any case, I was just suggesting a way he could still make his existing token system work with a static page to save server resources. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Rate limiting password attacks
Bill Moseley wrote: Unfortunately, often want to have a login form on the home page and that page is typically static -- so can't use my token in that situation. How about using a variation of the token system. You have a token that's valid for any request that you change fairly frequently - say every 5 minutes. Then you dynamically insert that into the home page. Then to give you the effect of a static home page, use apache's mod_cache. Finally in your login form, you accept any from the last X tokens where X 2 (you could've cached the page just before the token expires) up to whatever life you want to allow. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Rate limiting password attacks
Anyone doing something like this already? Suggestions? Caveats? You'll almost certainly have to log it per-IP address rather than an a cookie or session or anything like that. Any real password-cracking bot is unlikely to honour your cookies or session identifiers. Which in return means you'll need to be careful, you don't want to block AOL users from logging in, just because a few of them all forgot their passwords within a few minutes of each other. As an idea, how about adding an (increasing) artificial delay into the response when the clients send an invalid username/password. It would make things increasingly awkward for crackers, whilst still letting good users through. A suggestion though it wouldn't work very well in mod_perl or similar setups where you can't afford to tie up system resources holding onto client connections. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Rate limiting password attacks
Well, that would be every environment where Catalyst runs. If you want to do something fancy, I'd suggest looking at lingerd, a C daemon written to take TCP connections handed off from mod_perl. It would require some C-level hacking, but I expect you could alter it for this purpose. Lingerd is only good for apache 1.3 though (or at least I've not come across a port of it). So you're talking serious hacking. It would probably be easier to use perlbal to do this via a redirect to a more lightweight server. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Rate limiting password attacks
Also considered issuing a redirect to a simple server that will delay the number of failed attempts seconds before redirecting back to the login page. Any smart attacker would get clued about this an not follow that redirect. Fun anyways, though. ;) As I just said in the other email, you could use perlbal and not send the redirect directly to the client - but to your perlbal proxy, which then requests a delay from your stripped http server, which then sends the real response. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: Trimming and Quoting Oh My!
I wasn't trying to get all email reply nazi on everyone's ass. It just seems to me that the list has become increasingly difficult to read/parse over the last few weeks. Is that a good sign? Does it mean that we're attracting some of these young kids that don't remember the days when everybody posted in plain text at the bottom of the message? Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Two Strange Catalyst/Apache Issues
Perl use lib qw(/.../bylines); # This block only matters when the app is outside the default Perl areas /Perl Is that really what you have? ... probably is right, and you are missing the lib of the end of the path? We use: Perl use lib qw(/path/to/CatProject/lib/); /Perl Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Too greedy name-based Virtual Host
This works, and http://site2.domain.tld calls our Catalyst application, and it seems to work properly. But strangely enough, our application is now bound also on site1.domain.tld ! (so all the usual pages are not reachable anymore). Have you setup another VirtualHost for site.domain.tld? The first VirtualHost is automatically the default for all hostnames that don't have their own VirtualHost configured. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] running catalyst through mod_perl
[info] Registration powered by Catalyst 5.7007 fork: Cannot allocate memory unable to fork new process You've ran out of memory! Might be worth watching top/task manager in another window whilst you try to startup to see what's going on memory wise. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] A View that may include elements optionally returnedfrom other funcs
Ugh... Assume that the view gets everything from controller. Then this controller is the thing that should gather everything together before shipping it to the view. Let the template decide the form, let the controller decide the content. That's fair enough, but say you've got 20 possible page elements of which typically 5 or 6 are included in the final page. Would you still suggest that the Controller should initialize any data for all 20 elements onto the stash? What if some of those elements are relatively expensive to generate? What Steve wants is some way of being able to decide in the View which of those elements are included and load them accordingly. The best solution I can come up with is passing coderefs into your view which can then be run to retrieve the data would something like this work? $c-stash-{'get_most_popular'} = sub { return $c-model('DB')-some_expensive_db_op(); }; Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] A View that may include elements optionally returnedfrom other funcs
Maybe I am confused about MVC, but wouldn't you want the view to decide how to present what is sent to it by the controller, and hence have the controller handle this? I don't know if it's you that's confused or me that's confused ;-) I can see your point of view though. From my point of view, the View is handled by a designer. The designer knows about HTML, CSS, JS, and enough about TT to get them going. They typically wouldn't know anything about perl. When the designer assembles the pages he decides which of the possible common elements is going on each page and will include the relevant sub-templates. It makes sense for me to be able to delegate control of that to the designer by just letting them include what they like without having to be involved every time something changes. As an example during the summer the designer might take the football league tables off the site in favour of something else. In my Controller though the code that generates that data will still be run even though it's now redundant. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] UK Catalyst jobs
Hi, I work for the Guardian Media Group in their regional division based in Manchester, England. We run the websites for the groups various regional interests - mainly newspapers, but we also have a local TV station Channel M. Our flagship title is the Manchester Evening News, for which we've just launched a new site built on Catalyst. We're currently looking at expanding our web presence both for existing titles/sites and into new areas, so are looking at expanding the development team. We're a Perl shop, and have been running a mod_Perl/Apache::Registry based setup for several years. We've recently made the decision to adopt Catalyst for future developments. We're looking for a number of server-side developers to come and join the existing team here: http://www.gmgjobsnorth.co.uk/digital/server_side_developers.html And as Catalyst allows a reasonable separation of presentation, we're also looking for client-side/JavaScript developers. http://www.gmgjobsnorth.co.uk/digital/client_side_developers.html Finally there's a little more blurb here: http://www.gmgjobsnorth.co.uk/digital/ Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] logout and go back to previous session?
now. somebody else can use the same computer/browser to connect to his account - named, with full login/password things. so we create him a session (short term, only till the closing of browser). but. after this named user will logout, or close the browser and reopen - we should be able to go back to the previous anonymous user. This doesn't make sense to me, before the named user logs in they'll be accessing the same anonymous session. Therefore you can't tell the difference between the two different users. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] putting an object in the stash
Is it possible to do that without specifying all the keys by name? Or at least is there a way to get all the keys from $obj, then loop and create a hash, something like: my $hash; foreach(@keys) { $hash-{$_} = $obj-$_; } You're asking for trouble with something like that. Create a DB column called template and BOOM! You're almost certainly better off doing this on the template side of things: [% FOREACH obj %] Name: [% name %] [% END %] Will do the same as: Name: [% obj.name %] as long as there is only one obj. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] logout and go back to previous session?
anonymous is not 100% anonymous. each anonymous session will have it's own user-id (without username and possibility to login as this user) - this is to make sure one doesn't have to register in order to use basic functionality of the system (which needs to create some records in database). It still doesn't matter. If you have 20 people all use the same computer, and none of them login - how many anonymous users do you have. How do you tell the difference between them and switch between them? Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Detecting if a user aborted a (long) download
Here's a worst-case scenario you send it to IE and somewhere along the line it picks up a Vary header. IE won't store anything in it's cache with a Vary header - not even downloaded files. So it downloads the file then deletes it. You can't save it elsewhere or retrieve it! http://support.microsoft.com/?kbid=824847 (By the way it exhibits the same behaviour if you send proper no-cache headers.) So as far as the server is concerned, your logs are concerned, and anything else you are concerned that file has been delivered to the client successfully. As far as the user is concerned you may as well not have bothered as the browser's eaten the download. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Chained, slashes, and escaping
When I access the following URI: /tag/sl%2Fashes $tag gets set to sl instead of sl/ashes. Apparently back in the early days of the web, a URL like that caused problems I ran into this a couple of weeks ago. As far as I could the development myapp_server actually deals with everything correctly. In Apache: You can now allow encoded slashes in Apache 2.0.46 with: AllowEncodedSlashes On If you're using mod_perl though, when Catalyst fetches the URI from apache it requests the parsed vesion so for your example would get back /tag/sl/ashes You can customise Catalyst::Engine::Apache to use unparsed_uri and split off the query string - which seems to work OK for my simple case, but I didn't test any further. See: http://lists.scsys.co.uk/pipermail/catalyst-dev/2007-February/000578.html Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] New Catalyst site
Hi, I would like to announce that www.manchestereveningnews.co.uk has just been relaunched using Catalyst and mod_perl. For those that live outside the UK. The Manchester Evening News is the UK's most popular regional newspaper outside London and the sister paper of The Guardian (which started life as The Manchester Guardian). Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] New Catalyst site
How is the content managed? I'd like to know if you integrated your Catalyst application with an existing content management system and if so, how you pulled this off. Having to choose a CMS and framework for a similar site myself this really could help me make a decision. We've got an existing CMS - Polymedia from an Italian company called TXT www.txt.it. It works using XML internally, and uses Oracle (or MS SQL) as a back-end database. It's quite good for integration and will feed data out (via XSLT) as XML or into a DB table etc. We've been using it for around 5 years now, and have built up an archive of around 150,000 articles for the MEN. In addition we have two other newspaper groups with 58,000 and 67,000 articles respectively. The downer is that the Polymedia interface is IE only (relies on MSXML), although it comes with an integrated, if basic, ActiveX image-editing component. So for an article, from Polymedia we generate 4 outputs. Firstly an XML file is stored on the filesystem for Catalyst use. Another XML file is generated and fed into FAST (www.fastsearch.com) which provides the search back-end for the site. Finally we feed some of the meta-data (not the full content) into DBs - both MySQL and Oracle. The static resources - images/audio/video - are all fed separately onto a dedicated server. MySQL is our new choice of DB and we use it to run things like most popular and most recent stories. The story comments are still in Oracle as we haven't (yet) redeveloped the interface the journalists use to manage these (that interface shows the journalist the headline and teaser of the story.) We use XML::Simple in a Catalyst model to parse stories into perl objects, making use of a FastMMap Cache (per-server) to store the parsed XML for up to 2 minutes. At the front-end we have three load-balanced webservers running Catalyst to serve the pages, and a further server to serve the static resources. We simply do this by using an alternate server name in the HTML rather than having to worry about proxies. We then just check the server logs to ensure that nothing is falling through. Think that's all, one of my colleagues lurks on the list so if I've posted something inaccurate it may tempt him into posting :-) Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: memory usage of mod_perl process
Just a couple of comments on this topic. If you're using apache2.2 then mod_cache is available. This can be used to cache the result of a request either in memory or disk. Ideal for the situations where you want to cache the front page of your site every minute. http://httpd.apache.org/docs/2.2/mod/mod_cache.html Also if you want to offload all your static resources to a non-Cat server then the simplest way of doing that is to simply stick a full url in the HTML. img src=http://static.example.com/images/logo.png; / Use a config option so you can vary it: img src=[% c.config.static_path %]/images/logo.png / Using ConfigLoader you can have different devel/live values for static_path too. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst vs Rails vs Django Cook off
Leandro Hermida Speed does matter and I believe the original thread question is a valid one. Not everyone has the time or the know-how to do wheel reinvention and write custom daemons (I know I don't). That's why people write kernels and libraries and abstraction of lower level things so that others can build things on top. Otherwise we would never get anything done. So here you're saying that getting things done is more important than pure speed? So surely you pick the framework that most helps you get things done rather than the one that works fastest? Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst vs Rails vs Django Cook off
Now to say the truth, I won't use RoR because I don't know Ruby, but I want to know which are the advantages and disadvantages of Catalyst comparing with other frameworks. The most important advantage/disadvantage *to you* must be that Catalyst is Perl and you know that, and RoR is Ruby and you don't know that. So it becomes more about Ruby vs Perl than Catalyst vs Rails. It's also entirely personal to you, as you've got to factor in your desire to learn Ruby. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] regexes and auto actions
Hi, I posted this a couple of weeks ago. The site is split into many areas (and subareas) defined by URL path, the same types of content appear in each area of the site. There's stuff that needs setting up that's specific to the area of the site, this appears around the main part of the content of the page and includes stuff like latest articles for that area. At the same time the actual appearance of the article within the template is always the same, so we don't want to duplicate all the code every time we're dealing with a standard article. So we have: /news/ /news/story/1 /news/comments/1 /sport/ /sport/story/2 /sport/comments/2 /sport/football/ /sport/football/story/3 /sport/football/comments/3 etc Our plan was to use auto actions in the various Controllers to define all the area specific stuff. Then use a Regex action in another Controller to actually generate the article. In practice however only /article/auto and /auto get called. Any other solution we've come up with has involved adding a story action in every Controller. This will be a drag as for each new type of content we'll need to add an action in every controller. After some experimentation we've done it by subclassing. We've defined a article controller with a story/(\d+) LocalRegex action, comments action and a default index action. Then used this as the base class for our news, sport, football, etc Controllers. We can then override where the index page is a different style etc. Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] regexes and auto actions
Hi, Got a question regarding the best way of setting up handlers. The site is split into many areas (and subareas) defined by URL path, the same types of content appear in each area of the site. There's stuff that needs setting up that's specific to the area of the site, this appears around the main part of the content of the page and includes stuff like latest articles for that area. At the same time the actual appearance of the article within the template is always the same, so we don't want to duplicate all the code every time we're dealing with a standard article. So we have: /news/ /news/story/1 /news/comments/1 /sport/ /sport/story/2 /sport/comments/2 /sport/football/ /sport/football/story/3 /sport/football/comments/3 etc Our plan was to use auto actions in the various Controllers to define all the area specific stuff. Then use a Regex action in another Controller to actually generate the article. In practice however only /article/auto and /auto get called. Any other solution we've come up with has involved adding a story action in every Controller. This will be a drag as for each new type of content we'll need to add an action in every controller. Anybody got a neater way of doing it? Thanks Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] development setup
Hi, At work we're looking at using catalyst for some new developments, and would like a development setup that's similar to our existing mod-perl setup. We currently have a central apache/mod_perl server, that then loads htdocs from each of the developers/designers as neccessary. We use Apache::Registry rather than writing handlers in modules, so those are picked up automatically. What modules we do have are loaded up as needed for development, with the apache child process quitting at the end of the request cycle. The result is easy for me as webmaster to maintain the server config so it's the same for everybody and consistant with the live servers. Without having to deal with different OSes (Windows/Mac/and Linux) paths and other problems to do with setting up individual machines. Now everything I've seen about catalyst development is geared towards the developer running their own server and developing on their own machine. Anybody got any suggestions on getting a catalyst setup running along the same lines as above? Thanks Carl ___ List: Catalyst@lists.rawmode.org Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/ Dev site: http://dev.catalyst.perl.org/